CN111585885A - Multi-courtyard medical information security routing strategy based on online learning - Google Patents
Multi-courtyard medical information security routing strategy based on online learning
- Publication number
- CN111585885A (application CN202010449124.3A)
- Authority
- CN
- China
- Prior art keywords
- node
- next hop
- router
- formula
- historical performance
- Prior art date
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/24—Multipath
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/24—Multipath
- H04L45/245—Link aggregation, e.g. trunking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/28—Routing or path finding of packets in data switching networks using route fault recovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a multi-institution medical information security routing strategy based on online learning, comprising the following steps: step 1, calculating the resilience value of a sending source AS against prefix hijacking attacks; step 2, calculating the historical performance of the nodes by an online learning method; step 3, weighting and combining the two indexes, node resilience value and historical performance, to obtain the best next-hop node; and step 4, selecting the node with the higher node weight value as the next-hop node. With this technical scheme, the concept of resilience is introduced to measure a node's ability to defend against the Prefix Interception attack, the historical performance of the router node is calculated by an online learning method, and the secure routing strategy obtains the optimal next-hop router by weighting the calculated resilience value and the historical performance, so that the packets of the sending source can be delivered safely to the correct source.
Description
Technical Field
The invention belongs to the technical field of network communication security, and in particular relates to a multi-institution medical information security routing strategy based on online learning, used for resisting random prefix hijacking attacks.
Background
With economic development and the gradual improvement of medical equipment, a hospital usually comprises several campuses. Information transmission between the individual campuses of a hospital is indispensable, and because of the importance of medical information, ensuring its security during transmission is essential today. The network of each campus forms an Autonomous System (AS); information exchange between ASes is realized mainly through the Border Gateway Protocol (BGP), which ties the individual networks together and is the standard for exchanging routing information and changing routes between ASes. In BGP, the routing path taken by an Internet Protocol (IP) packet is usually determined by prefix advertisement, and BGP is vulnerable to Prefix Interception attacks because routers do not verify the correct origin of the prefix advertised by an AS.
In a Prefix Interception attack, an adversary AS announces a prefix that does not belong to it; because routers do not verify the correct origin AS of the prefix and only forward IP packets according to their local routing policy, packets flow to the wrong origin AS. After receiving the packets, the attacker forwards them on to the correct origin, which makes the attack difficult to detect.
Real-time detection of forged routes remains a challenging open problem, given the lack of authoritative information about prefixes and ASes on the Internet. To detect prefix hijacking and path-spoofing routes, the binding between the allocated prefixes on the Internet and their legitimate origin ASes, as well as the import/export routing policies between ASes, must be known.
Disclosure of Invention
In order to resist the Prefix Interception attack, the invention provides a new secure routing strategy that uses a resilience evaluation algorithm and an online learning algorithm to evaluate, respectively, a node's ability to resist the Prefix Interception attack and the historical performance of the BGP router, and combines the two characteristics to select the optimal route, thereby resisting the Prefix Interception attack.
The purpose of the invention and the technical problem it solves are achieved by the following technical scheme. According to the invention, the multi-institution medical information security routing strategy based on online learning comprises the following steps:
step 1, calculating the resilience value of a sending source AS against prefix hijacking attacks;
step 2, calculating the historical performance of the nodes by an online learning method;
step 3, weighting and combining the two indexes, node resilience value and historical performance, to obtain the best next-hop node;
and step 4, selecting the node with the higher node weight value as the next-hop node.
Further, in step 1, the outcome of an attack on a node is denoted α(m, j, f), and the resilience of the node is calculated with the following formula:
In this equation, l(j, m) is the number of paths from the sending source AS j to the correct source AS m, and l(j, f) is the number of paths from the sending source AS j to the wrong source AS f. In a network, once the sending source AS and the correct source AS are determined, the resilience value of the sending source AS j is obtained by aggregating the node resilience, with the formula:
In the formula, H is the number of all nodes in the network topology.
Further, in step 2, the historical performance of the node is calculated as follows:
In the formula, t denotes the t-th round and 1 denotes the indicator function; since the attack is time-sensitive, it is effective to define the historical performance over a time interval;
b: when the online learning method is used to calculate the historical performance, the historical performance is summarized by the following formula:
in the formula, represents the next-hop router that router s has selected, represents the set of next-hop routers that router s can select in round t, 1 represents the indicator function, J represents the set of selectable next-hop routers, and s represents the set of routers where the router is currently located;
c: assume that router s selects the next-hop router according to the distribution ; then the problem can be transformed into:
in the formula, represents the probability of selecting the next-hop router set, and is a matrix (vector) of the risk values of selecting each next-hop router, where:
P(j) represents the probability that node s selects node j as the next hop, and represents the probability of selecting the next-hop router set J, which is positive;
d: the historical performance of each router is evaluated using the following formula:
where denotes the step size and denotes the cumulative security risk, defined as follows:
in the formula, indicates that all edges connecting node n and node j exist; denotes the learning rate of the online learning algorithm; denotes the probability that neighbor node n of node s is selected; denotes the set of next-hop routers selected in the past rounds together with the set of next-hop routers selectable in round t. Once the set of selectable next-hop routers has been disclosed, the probability that router s selects next-hop router j is:
e: the performance of the online learning algorithm is analyzed by computing the regret value, defined as follows:
The regret definition depends on the best selectable next-hop router, and the regret of a randomly selected next-hop router is bounded by:
In step 3, when the node resilience value and the historical performance are weighted and combined, an adjustable parameter β ∈ [0,1] is introduced to combine the node resilience value with the historical performance, and the formula is:
In the formula, W_j denotes the weight value of node j after combining the resilience value and the historical performance.
By means of this technical scheme, the invention designs a secure routing strategy based on online learning. A network-level attacker can launch a Prefix Interception attack by announcing an IP prefix that does not belong to it; when the attacker announces a prefix in order to intercept packets, some sending source ASes are deceived by the wrong source AS and send their packets to the wrong source AS instead of the correct source AS. After receiving the packets, the attacker forwards them to the correct source AS, which makes the attack difficult to detect. The invention borrows the concept of resilience to measure a node's ability to defend against the Prefix Interception attack and uses an online learning method to calculate the historical performance of the router node; the secure routing strategy obtains the best next-hop router by weighting the calculated resilience value and the historical performance, thereby ensuring that the packets of the sending source reach the correct source safely.
The foregoing is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to this description, and so that the above and other objects, features and advantages of the invention become more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Drawings
FIG. 1 is a schematic flow diagram of the present invention.
Detailed Description
The technical solution of the present invention will be further described in detail with reference to the accompanying drawings and preferred embodiments.
First, a network-level attacker can launch a Prefix Interception attack by announcing IP prefixes that do not belong to it; when the attacker announces prefixes in order to intercept packets, some ASes are deceived by the wrong source AS and send their packets to the false source AS instead of the true source AS. After receiving the packets, the attacker forwards them to the correct source AS, which makes the attack difficult to detect. In the invention, the concept of resilience is borrowed to measure a node's ability to defend against the Prefix Interception attack, and an online learning method is used to calculate the historical performance of the router node. The application designs a multi-hospital medical information security routing strategy based on online learning; the secure routing strategy obtains the optimal next-hop router by weighting the calculated resilience value and the historical performance, and the specific flow is shown in FIG. 1.
To realize the functions of this design, an algorithm for calculating the node resilience value and an algorithm for calculating the historical performance of the node need to be designed. The functions of the modules and the method steps are described in detail below.
1. Computing the resilience value of an AS against prefix hijacking attacks
In this section, the concept of resilience is introduced to evaluate a node's ability to resist a Prefix Interception attack. An AS-level adversary announces a prefix that does not belong to it in order to launch a Prefix Interception attack, and each node has several paths leading to the wrong source AS f and to the true source AS m. If source AS j is not deceived by the wrong source AS f and still sends its traffic to the correct source AS m, source AS j is resilient to this prefix hijacking attack. The attack on each node either succeeds or fails, and the outcome of the attack on a node is denoted α(m, j, f). Therefore, in determining the resilience of a node, the resilience is calculated using the following formula:
In this equation, l(j, m) is the number of paths from source AS j to the correct source AS m, and l(j, f) is the number of paths from source AS j to the wrong source AS f. In a network, once the source AS j and the correct source AS m are determined, the resilience of the source AS j can be obtained by aggregating the node resilience, with the formula:
In the formula, H is the number of all nodes in the network topology.
The resilience value of a node against the Prefix Interception attack is measured by predicting routes, and route selection is determined by the following conditions: (1) customer routes take precedence over peer routes, and peer routes take precedence over provider routes; (2) among the paths with the highest local preference, the path with the fewest hops is selected. In the present invention, nodes are traversed by breadth-first search according to the priorities and characteristics described above. First, the highest-priority paths, i.e. provider-to-customer routes, are searched; second, peer routes; finally, customer-to-provider routes. Nodes are searched from the highest priority to the lowest, searches of the same priority are performed in the same step, and this order speeds up the calculation of resilience.
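As an added illustration (this is not code from the patent), the following Python script predicts routes under the customer > peer > provider preference with the fewest-hops tie-break described above, using the three-phase breadth-first expansion (customer routes first, then one hop across peer links, then provider routes), and from the predicted routes computes the per-node attack outcome α(m, j, f) and an aggregate resilience for a sending AS. Because the patent's formulas did not survive extraction, several choices are assumptions: the toy topology is constructed, α is taken as 1 when AS j still routes to the correct origin m while f also announces the prefix and 0 otherwise, remaining ties go to the lower AS number, and the aggregate sums α over every other AS acting as hijacker f and divides by H.

```python
import heapq

# Constructed toy AS-level topology (example data, not from the patent):
# PROVIDER_CUSTOMER holds (provider, customer) pairs, PEERS holds peer pairs.
PROVIDER_CUSTOMER = [(1, 2), (1, 3), (2, 4), (2, 6), (3, 5), (3, 7)]
PEERS = [(2, 3), (4, 5)]

# Local preference order used for route prediction.
CUSTOMER_ROUTE, PEER_ROUTE, PROVIDER_ROUTE = 0, 1, 2


def build_topology(p2c, peers):
    """Return (nodes, providers, customers, peer_of) adjacency maps."""
    providers, customers, peer_of, nodes = {}, {}, {}, set()
    for p, c in p2c:
        providers.setdefault(c, set()).add(p)
        customers.setdefault(p, set()).add(c)
        nodes |= {p, c}
    for a, b in peers:
        peer_of.setdefault(a, set()).add(b)
        peer_of.setdefault(b, set()).add(a)
        nodes |= {a, b}
    return nodes, providers, customers, peer_of


def _expand(adj, chosen, route_type):
    """Multi-source shortest-path expansion along `adj` from every AS that
    already holds a route. Unreached ASes get (origin, route_type, hops);
    ties on hop count go to the lower origin number (an assumption)."""
    heap = [(hops, origin, node) for node, (origin, _, hops) in chosen.items()]
    heapq.heapify(heap)
    settled = set()
    while heap:
        hops, origin, node = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        chosen.setdefault(node, (origin, route_type, hops))
        for nxt in adj.get(node, ()):
            if nxt not in chosen:
                heapq.heappush(heap, (hops + 1, origin, nxt))


def predict_routes(topology, origins):
    """Predict every AS's chosen route when all ASes in `origins` announce
    the same prefix. Returns {as: (origin, route_type, hops)}.
    Preference: customer route > peer route > provider route, then fewest
    hops. Export is valley-free: customer routes go to everyone, peer and
    provider routes only to customers."""
    nodes, providers, customers, peer_of = topology
    chosen = {o: (o, -1, 0) for o in origins}
    # Phase 1: customer routes, expanding upward from the origins to providers.
    _expand(providers, chosen, CUSTOMER_ROUTE)
    # Phase 2: one hop across peer links; only customer routes are exported.
    candidates = {}
    for node, (origin, _, hops) in list(chosen.items()):
        for q in peer_of.get(node, ()):
            if q not in chosen:
                best = candidates.get(q)
                if best is None or (hops + 1, origin) < best:
                    candidates[q] = (hops + 1, origin)
    for q, (hops, origin) in candidates.items():
        chosen[q] = (origin, PEER_ROUTE, hops)
    # Phase 3: provider routes, expanding downward to customers.
    _expand(customers, chosen, PROVIDER_ROUTE)
    return chosen


def alpha(topology, m, j, f):
    """Attack outcome α(m, j, f): 1 if sending AS j still reaches the correct
    origin m while f also announces the prefix, 0 if j is hijacked."""
    return 1 if predict_routes(topology, (m, f))[j][0] == m else 0


def hijacked_ases(topology, m, f):
    """ASes whose predicted route for m's prefix ends at the wrong origin f."""
    routes = predict_routes(topology, (m, f))
    return sorted(a for a, (origin, _, _) in routes.items() if origin == f)


def resilience(topology, m, j):
    """Aggregate resilience of sending AS j for correct origin m: α summed
    over every other AS acting as hijacker f, divided by H (number of ASes).
    Summing over all f is an assumption about the patent's aggregation."""
    nodes = topology[0]
    return sum(alpha(topology, m, j, f) for f in nodes if f not in (m, j)) / len(nodes)


if __name__ == "__main__":
    topo = build_topology(PROVIDER_CUSTOMER, PEERS)
    print("ASes hijacked by 7 for origin 4:", hijacked_ases(topo, 4, 7))
    print("resilience of AS 1 for origin 4:", resilience(topo, 4, 1))
```

In the toy topology, when AS 7 announces AS 4's prefix, AS 3 prefers its customer route to 7 and is hijacked, while AS 1 reaches the true origin via AS 2; the aggregate then counts how many candidate hijackers fail to divert AS 1.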
2. Calculating historical performance of routers through online learning
When routers are used for information exchange in the invention, packets with different prefixes that flowed into the AS in the last D rounds are used to express the security risk of the selected router, with the formula:
In this equation, t denotes the t-th round and 1 denotes the indicator function. Because the attack is time-sensitive, it is effective to define the historical performance over the time interval D.
When the online learning method is used to calculate the historical performance, the historical performance can be summarized by the following formula:
where represents the next-hop router that router s has selected, represents the set of next-hop routers that router s can select in round t, 1 represents the indicator function, J represents the set of selectable next-hop routers, and S represents the set of routers currently located. Assume that router s selects the next-hop router according to the distribution ; the problem can then be transformed into:
in the formula, represents the probability of selecting the next-hop router set, and is a matrix (vector) of the risk values of selecting each next-hop router, where:
P(j) represents the probability that node s selects node j as the next hop, and represents the probability of selecting the next-hop router set J, which is positive. The historical performance of each router is evaluated using the following formula:
where denotes the step size and denotes the cumulative security risk, defined as follows:
where indicates that all edges connecting node n and node j exist; denotes the learning rate of the online learning algorithm; denotes the probability that neighbor node n of node s is selected; denotes the set of next-hop routers selected in the last rounds together with the set of next-hop routers selectable in round t. Once the set of selectable next-hop routers has been disclosed, the probability that router s selects next-hop router j is:
The performance of the online learning algorithm is analyzed by computing the regret value, defined as follows:
The regret definition relies on the best selectable next-hop router, and the regret of a randomly selected next-hop router is bounded by:
In summary, the steps of the historical performance algorithm are as follows:
Step two, the set of selectable next-hop routers is disclosed;
Step three, the probability of node s selecting each next-hop router is calculated;
Step seven, the next round of calculation is entered.
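As an added example (not the patent's code), the script below works through the online-learning part described above on a constructed sequence of rounds: it derives a per-round security risk for each candidate next hop from an indicator of hijacked-prefix packets over the last D rounds, keeps a cumulative risk per next hop, turns it into a selection probability, and computes the regret against the best fixed next hop in hindsight together with a regret bound. The exact update rule is an assumption, since the patent's formulas are absent from the page: the example uses exponential weights (Hedge) with p(j) proportional to exp(-eta * L(j)), the windowed average as the risk, and the Hedge bound ln(K)/eta + eta*T/2 for risks in [0, 1]; the observation data and the parameter values are constructed.

```python
import math
import random

# Constructed per-round observations at router s (example data, not from the
# patent). A 1 means that in that round a packet carrying a prefix announced
# by the wrong origin reached s through that next-hop router.
NEXT_HOPS = ("r1", "r2", "r3")
OBSERVED_HIJACK = [
    {"r1": 0, "r2": 1, "r3": 0},
    {"r1": 0, "r2": 1, "r3": 1},
    {"r1": 0, "r2": 1, "r3": 0},
    {"r1": 1, "r2": 0, "r3": 0},
    {"r1": 0, "r2": 1, "r3": 0},
    {"r1": 0, "r2": 1, "r3": 0},
    {"r1": 0, "r2": 1, "r3": 0},
    {"r1": 0, "r2": 0, "r3": 1},
]


def windowed_risk(observations, hop, window):
    """Security risk r_t^s(hop) for each round t: the share of the last
    `window` rounds (the patent's interval D) in which the hijack indicator
    fired for that next hop. Averaging over the window is an assumption."""
    risks = []
    for t in range(len(observations)):
        recent = observations[max(0, t - window + 1):t + 1]
        risks.append(sum(o[hop] for o in recent) / len(recent))
    return risks


class NextHopLearner:
    """Exponential-weights (Hedge) selector over candidate next hops: the
    cumulative risk L(j) grows each round and p(j) is proportional to
    exp(-eta * L(j)). This update rule is an assumption, not the patent's."""

    def __init__(self, hops, eta):
        self.hops = tuple(hops)
        self.eta = eta
        self.cumulative = {j: 0.0 for j in self.hops}

    def probabilities(self):
        weights = {j: math.exp(-self.eta * self.cumulative[j]) for j in self.hops}
        total = sum(weights.values())
        return {j: w / total for j, w in weights.items()}

    def select(self, rng):
        """Draw one next hop from the current distribution."""
        p = self.probabilities()
        return rng.choices(self.hops, weights=[p[j] for j in self.hops])[0]

    def update(self, risks):
        """Add this round's observed risks to the cumulative risk."""
        for j in self.hops:
            self.cumulative[j] += risks[j]


def run_learner(observations, hops, window, eta):
    """Replay all rounds. Returns the final selection probabilities, the
    expected regret against the best fixed next hop in hindsight, and the
    Hedge regret bound ln(K)/eta + eta*T/2 for risks in [0, 1]."""
    per_hop = {j: windowed_risk(observations, j, window) for j in hops}
    learner = NextHopLearner(hops, eta)
    expected_loss = 0.0
    for t in range(len(observations)):
        risks = {j: per_hop[j][t] for j in hops}
        p = learner.probabilities()          # distribution used in round t
        expected_loss += sum(p[j] * risks[j] for j in hops)
        learner.update(risks)                # learn from the round's outcome
    best_fixed = min(sum(per_hop[j]) for j in hops)
    regret = expected_loss - best_fixed
    bound = math.log(len(hops)) / eta + eta * len(observations) / 2
    return learner.probabilities(), regret, bound


if __name__ == "__main__":
    probs, regret, bound = run_learner(OBSERVED_HIJACK, NEXT_HOPS, 3, 1.0)
    print("final probabilities:", probs)
    print("expected regret %.3f (bound %.3f)" % (regret, bound))
    print("sampled next hop:", NextHopLearner(NEXT_HOPS, 1.0).select(random.Random(1)))
```

With the constructed data, r2 carries hijacked-prefix packets in most rounds, so its selection probability collapses towards zero while r1, with the lowest cumulative risk, ends up preferred; the regret stays well inside the bound, which is the property the regret analysis in the text is after.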
3. Combining the resilience value and the historical performance of the node to obtain the optimal next-hop router
Two important performance indicators of a router have been described above: resilience and historical performance. If only the resilience value is considered, the security of the route cannot be guaranteed; if only the historical performance is considered, the reachability of the route cannot be guaranteed. Combining the resilience and the historical performance of the router guarantees both the security and the reachability of the route. First, the resilience value of the router is evaluated; then its historical performance; finally, an adjustable parameter β ∈ [0,1] is introduced to combine the two properties, with the formula:
In the formula, W_j denotes the weight value of node j after combining the resilience value and the historical performance.
In summary, the specific implementation steps of the routing policy in this embodiment are as follows:
step one, predicting routes according to the local route preferences, thereby calculating the node resilience;
step two, calculating the historical performance of the nodes by the online learning method;
step three, weighting and combining the two indexes, node resilience and historical performance;
step four, selecting the node with the higher node weight W_j as the next-hop node, so that the packets of the sending source AS j are delivered safely to the correct source.
The above is only a preferred embodiment of the present invention; any person skilled in the art may make simple modifications, equivalent changes and variations to the above embodiments according to the technical essence of the invention without departing from its scope, and these still fall within the scope of the present invention.
Claims (4)
1. The online-learning-based multi-institution medical information security routing strategy is characterized by comprising the following steps:
step 1, calculating the resilience value of a sending source AS against prefix hijacking attacks;
step 2, calculating the historical performance of the nodes by an online learning method;
step 3, weighting and combining the two indexes, node resilience value and historical performance, to obtain the best next-hop node;
and step 4, selecting the node with the higher node weight value as the next-hop node.
2. The online-learning-based multi-institution medical information security routing policy of claim 1, wherein: in step 1, the outcome of an attack on a node is denoted α(m, j, f), and the resilience of the node is calculated with the following formula:
In this formula, l(j, m) is the number of paths from the sending source AS j to the correct source AS m, and l(j, f) is the number of paths from the sending source AS j to the wrong source AS f; in a network, once the sending source AS and the correct source AS are determined, the resilience value of the sending source AS j is obtained by aggregating the node resilience, with the formula:
In the formula, H is the number of all nodes in the network topology.
3. The online-learning-based multi-institution medical information security routing policy of claim 2, wherein: in step 2, the historical performance of the node is calculated as follows:
a: calculating the security risk r_t^s(j) of node j in round t, with the formula:
In the formula, t denotes the t-th round and 1 denotes the indicator function; since the attack is time-sensitive, it is effective to define the historical performance over a time interval;
b: when the online learning method is used to calculate the historical performance, the historical performance is summarized by the following formula:
in the formula, represents the next-hop router that router s has selected, represents the set of next-hop routers that router s can select in round t, 1 represents the indicator function, J represents the set of selectable next-hop routers, and s represents the set of routers where the router is currently located;
c: assume that router s selects the next-hop router according to the distribution ; then the problem can be transformed into:
in the formula, represents the probability of selecting the next-hop router set, and is a matrix (vector) of the risk values of selecting each next-hop router, where:
P(j) represents the probability that node s selects node j as the next hop, and represents the probability of selecting the next-hop router set J, which is positive;
d: the historical performance of each router is evaluated using the following formula:
where denotes the step size and denotes the cumulative security risk, defined as follows:
in the formula, indicates that all edges connecting node n and node j exist; denotes the learning rate of the online learning algorithm; denotes the probability that neighbor node n of node s is selected; denotes the set of next-hop routers selected in the past rounds together with the set of next-hop routers selectable in round t. Once the set of selectable next-hop routers has been disclosed, the probability that router s selects next-hop router j is:
e: the performance of the online learning algorithm is analyzed by computing the regret value, defined as follows:
The regret definition depends on the best selectable next-hop router, and the regret of a randomly selected next-hop router is bounded by:
4. The online-learning-based multi-institution medical information security routing policy of claim 3, wherein: when the node resilience value and the historical performance are weighted and combined in step 3, an adjustable parameter β ∈ [0,1] is introduced to combine the node resilience value with the historical performance, with the formula:
In the formula, W_j denotes the weight value of node j after combining the resilience value and the historical performance.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010449124.3A CN111585885A (en) | 2020-05-25 | 2020-05-25 | Multi-courtyard medical information security routing strategy based on online learning |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111585885A true CN111585885A (en) | 2020-08-25 |
Family
ID=72125346
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010449124.3A Pending CN111585885A (en) | 2020-05-25 | 2020-05-25 | Multi-courtyard medical information security routing strategy based on online learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111585885A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100132037A1 (en) * | 2008-11-25 | 2010-05-27 | At&T Intellectual Property I, L.P. | System and method to locate a prefix hijacker within a one-hop neighborhood |
CN106060014A (en) * | 2016-05-18 | 2016-10-26 | 中国互联网络信息中心 | Method for simultaneously solving prefix hijacking, path hijacking and route leakage attacks |
CN108496328A (en) * | 2015-12-21 | 2018-09-04 | Symantec Corporation | Accurate real-time identification of malicious BGP hijacks |
- 2020-05-25: CN application CN202010449124.3A (CN111585885A), status Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100132037A1 (en) * | 2008-11-25 | 2010-05-27 | At&T Intellectual Property I, L.P. | System and method to locate a prefix hijacker within a one-hop neighborhood |
CN108496328A (en) * | 2015-12-21 | 2018-09-04 | Symantec Corporation | Accurate real-time identification of malicious BGP hijacks |
CN106060014A (en) * | 2016-05-18 | 2016-10-26 | 中国互联网络信息中心 | Method for simultaneously solving prefix hijacking, path hijacking and route leakage attacks |
Non-Patent Citations (2)
Title |
---|
Meng Meng et al.: "Safeguarding against prefix interception attacks via online learning", Robotics and Autonomous System * |
刘宇靖 (Liu Yujing): "Security evaluation of inter-domain routing systems for prefix hijacking prevention", China Master's Theses Full-text Database, Information Science and Technology * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Jhaveri et al. | A novel approach for grayhole and blackhole attacks in mobile ad hoc networks | |
Guangsen et al. | Cooperative defence against DDoS attacks | |
Yau et al. | Reputation methods for routing security for mobile ad hoc networks | |
US20100153537A1 (en) | Method and apparatus for providing detection of internet protocol address hijacking | |
US20170251387A1 (en) | Detecting the status of a mesh node in a wireless mesh network | |
Dave et al. | An effective Black hole attack detection mechanism using Permutation Based Acknowledgement in MANET | |
CN113992539A (en) | Network security dynamic route hopping method and system | |
Nur et al. | Single packet AS traceback against DoS attacks | |
Qaisar et al. | Toras: Trustworthy load-balanced opportunistic routing for asynchronous duty-cycled wsns | |
Feng et al. | Research on the active DDoS filtering algorithm based on IP flow | |
Jiang et al. | Preventing traffic analysis in packet radio networks | |
Saharan et al. | Prevention of DrDoS amplification attacks by penalizing the attackers in SDN environment | |
CN111585885A (en) | Multi-courtyard medical information security routing strategy based on online learning | |
Sangeetha et al. | A novel traffic dividing and scheduling mechanism for enhancing security and performance in the tor network | |
EP4231589A1 (en) | Method and system for network topology obfuscation | |
AU2021100084A4 (en) | IOT-Enable Wireless Sensor Networks for controlled And Safe Routing | |
Gupta et al. | A trust based secure gateway selection and authentication scheme in MANET | |
Ghander et al. | Power aware cooperation enforcement MANET routing protocols | |
Fujinoki | Multi-path BGP (MBGP): A solution for improving network bandwidth utilization and defense against link failures in inter-domain routing | |
Wübbeling et al. | Improved calculation of as resilience against ip prefix hijacking | |
Yao et al. | Exploiting non-cooperative game against cache pollution attack in vehicular content centric network | |
Gupta et al. | An Innovative Approach to Detect the Gray-Hole Attack in AODV based MANET | |
Isozaki | Detection Bottleneck links without multiple nodes | |
Ahmed et al. | An experimental study on inter-domain routing dynamics using IP-level path traces | |
Amaresh et al. | Efficient malicious detection for AODV in mobile ad-hoc network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 2020-08-25